Nova 'Plundervolt' ranjivost Intel CPU-a iskorištava vCore za grešku SGX-a i krađu zaštićenih podataka



A group of cybersecurity researchers have discovered a new security vulnerability affecting Intel processors, which they've craftily named 'Plundervolt,' a portmanteau of the words 'plunder' and 'undervolt.' Chronicled under CVE-2019-11157, it was first reported to Intel in June 2019 under its security bug-bounty programme, so it could secretly develop a mitigation. With the 6-month NDA lapsing, the researchers released their findings to the public. Plundervolt is described by researchers as a way to compromise SGX (software guard extensions) protected memory by undervolting the processor when executing protected computations, to a level where SGX memory-encryption no longer protects data. The researchers have also published proof-of-concept code.

Plundervolt se razlikuje od 'Rowhammera' po tome što fitira bitove unutar procesora prije nego što ih upiše u memoriju, tako da ih SGX ne štiti. Rowhammer ne radi s SGX-om zaštićenom memorijom. Plundervolt zahtijeva root privilegije kao softver koji vam omogućava podešavanje vCore-a zahtijeva pristup ring-0. Ne treba vam izravan fizički pristup ciljnom stroju, jer se softver za podešavanje također može pokrenuti na daljinu. Intel je izneo sigurnosne savjete SA-00298 i surađuje s dobavljačima matičnih ploča i OEM-ovima na objavljivanju BIOS-ovih ažuriranja koja spajaju novi mikrokod s ublažavanjem ove ranjivosti. Istraživački rad možete pročitati ovdje.
Source: Plundervolt